Vulnerabilities > Incorrect Permission Assignment for Critical Resource
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-27 | CVE-2023-25817 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud server is an open source, personal cloud implementation. | 8.1 |
2023-03-27 | CVE-2023-1135 | Incorrect Permission Assignment for Critical Resource vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | 7.8 |
2023-03-27 | CVE-2023-27096 | Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J 1.4.3 Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. | 6.5 |
2023-03-23 | CVE-2022-3101 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in tripleo-ansible. | 5.5 |
2023-03-23 | CVE-2022-3146 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in tripleo-ansible. | 5.5 |
2023-03-16 | CVE-2023-27084 | Incorrect Permission Assignment for Critical Resource vulnerability in Iteachyou Dreamer CMS 4.0.1 Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | 5.3 |
2023-03-16 | CVE-2023-27095 | Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. | 6.5 |
2023-02-23 | CVE-2023-24205 | Incorrect Permission Assignment for Critical Resource vulnerability in Clash Project Clash 0.20.12 Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | 9.8 |
2023-02-16 | CVE-2022-25992 | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi-Cli Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2023-02-09 | CVE-2022-21939 | Incorrect Permission Assignment for Critical Resource vulnerability in Johnsoncontrols Metasys System Configuration Tool Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | 6.1 |